[OpenSIPS-Users] Blacklisting registered users at runtime (and have it be persistent).

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Apr 21 10:24:31 CEST 2009 

Hi Bobby,

you can blacklist a user by forbidden it to register (at REGISTER time).

You can use something similar to groups / ACL to know what users to 
blacklist. As I guess you do auth before save("location"), use the 
"load_credential" auth_db param to load some extra fields from 
"subscriber" table (a new field "blacklisted") into an AVP. After auth 
succeeded, you will have the AVP populated and you can test its value 
and block or no the REGISTER.

Regards,
Bogdan

Bobby Smith wrote:
> Currently, we're facing an issue where we would like to blacklist a 
> particular request-user from registering.  We have approximately 
> 10,000 registered users, so it seems like using the blacklist module 
> to maintain a list of whitelist/blacklist users would be complicated 
> (and perhaps slow on lookups).
>
> What we would like to do, essentially, is blacklist a particular sip 
> user id (user only, not concerned about blacklisting ip's) by using 
> the opensipsctl script, or something to that effect.  I kind of have a 
> general gist of something I could do (install the user_blacklist 
> module, do an INSERT at runtime into that table with the sip user and 
> the blacklist flag),  but reading all the documentation, it seems to 
> require more than just a user and blacklist = true.
>
> I thought that there was an easy way from the opensipsctl script to 
> blacklist or ban particular users, but it looks like for ul anyways, 
> you can just remove a register.
>
> Any suggestions?  We would also need a way to remove that user from 
> the blacklist.  I'm also slightly hesitant of doing this at runtime 
> because of database locks or whatnot, and I don't want to cause the 
> application to crash.
>
> And, in the routing script, it would be something similar to (pseudocode):
>
> if(! a_blacklisted_user)
> {
>     if(!lookup("location")
>     {
>         sl_send_reply("401", "Unauthorized");
>         exit;
>     }
> }
>
>
> Thanks again for all the help.
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list